Penetration Testing mailing list archives

Re: [PEN-TEST] ftp etc/passwd

From: "Edwards, David (JTD)" <Edwards.David2 () SAUGOV SA GOV AU>
Date: Wed, 29 Nov 2000 14:17:34 +1030

Hi,

-----Original Message-----
From: Seth Georgion [mailto:sgeorgion () ECLOSER COM]
Subject: [PEN-TEST] ftp etc/passwd

I'm doing a pen-test on a Solaris/NT network and I found a
Solaris server
with anonymous ftp on and with what appears to be the root
directory of a
user on the system.


Anon ftp normally runs chroot so you are probably only seeing
bogus system files. Check the size of passwd, it should only
be around 20 bytes or so, just a line for the anon ftp user.
The group file should only contain the ftp group as well.

ciao
dave
---
Dave Edwards
Justice Technology Division
Ph: +61 8 82265426 || 0408 808355
mailto:edwards.david2 () saugov sa gov au
Snail: Justice Technology Division
       GPO Box 2048, Adelaide 5001
---
The information in this e-mail may be confidential and/or legally
privileged.  Use or disclosure by anyone other than the intended
recipient is prohibited and may be unlawful.  If you have received
this e-mail in error, please advise me immediately.

Current thread:

Re: [PEN-TEST] ftp etc/passwd Edwards, David (JTD) (Nov 29)
- Re: [PEN-TEST] ftp etc/passwd John Weekley (Nov 29)
- <Possible follow-ups>
- Re: [PEN-TEST] ftp etc/passwd Mark Donoghue (Nov 30)